What you need to know about Mailer Daemon Spam

If your inbox suddenly fills up with emails from the “mailer daemon”, here’s what you can do. To clarify what’s going on (we’ll go into more detail below):

  • The email has been sent and the recipient cannot be found (or their mailbox is full)

  • It will be returned to you because email systems think you sent it.

Contents
  1. If you receive spam mail
  2. Why does it exist in the first place?
  3. How Mailer Daemon Delivery Reports Are Created
  4. Sidebar: How the delivery report recipient is determined
  5. How does Mailer Daemon Spam start?
  6. Is anything being done to stop Mailer Daemon spam?

If you receive spam mail

If you receive many delivery error reports from the mailer daemon, do the following:

  1. Scan your computer and devices for malware and viruses.

    • Mailer daemon spam can be the result of a malware infection (on one of your computers) that sends emails with your address behind your back; it is best to rule out this case.

    • Ideally, scan when disconnected from the Internet.

    • If you find an infection, clean your machines and change all passwords, especially those you have for email and social networks.

  2. Report the mailer daemon spam as spam in your email program or service.

    This will allow the spam filter to remove such useless and annoying delivery failure messages in the future.

  3. If you don’t feel comfortable clicking “Spam”, since that could train the spam filter to exclude messages you will want to receive in the future (genuine mailer daemon delivery error reports), simply delete all the unwanted emails from the mailer daemon.

Alternatively, you can create a filter in your mailer or service that will automatically delete all emails from the same mailer daemon address with the same subject line.

Now that you know what to do, let’s see how it can happen that you get these messages.

Why does it exist in the first place?

Mailer daemon emails are generally harmless and useful delivery reports, not spam. Let’s see how and when these mailer daemon messages are generated.

If you send someone a message and it isn’t delivered, wouldn’t you want to know?

Email is a system with many, many players that works like a postal system: you hand your email to one server (or “mail daemon”), that server forwards the message to another, and possibly on to more mail daemons, until the message is finally delivered to the recipient’s inbox. The whole process can take some time (although it usually takes a few seconds, of course) and only that last server knows if the email can actually be delivered.

How Mailer Daemon Delivery Reports Are Created

Since you, the sender, would like to know about a failed delivery, the mailer daemon tries to warn you. It does this by using what a mailer daemon does best: sending email.

So a mailer daemon error message is generated: it says what happened (usually that the email could not be delivered), possibly the cause of the problem, and whether the server will try to deliver the email again. This delivery report email is, of course, addressed to and sent to the sender of the original email.

How the “original sender” is determined is another story, and probably not what you would assume. If you’re curious about why mailer daemons don’t use the “From:” line to determine the sender of an email, don’t skip the next sidebar.

Sidebar: How the delivery report recipient is determined

As you probably know, every email has one or more recipients and a sender. Recipients appear in the “To:”, “Cc:”, and “Bcc:” fields, and the sender’s email address appears in the “From:” line. None of these are used by email servers to deliver email messages, and in particular the “From:” field does not determine the sender of the email as used for delivery reports.

Instead, when an email is initially sent, the sender and recipient are communicated separately from, and before, the content of the email (which, for this purpose, includes the “From:” and “To:” fields).

Imagine someone taking a letter to the post office for you. Of course, you wrote the name and address of the recipient on the envelope and wrote down your own address as well. At the post office, though, they don’t just hand over the letter for delivery and let the envelope speak for itself. Instead, they say “This is from Cory Davy at 70 Bowman St.” and “Send this to Lindsey Page at 4 Goldfield Rd.; yes, never mind what it says on the envelope.”

Before sending the letter on for delivery, the postal worker makes a note on the back of the envelope: “Return to: Cory Davy, 70 Bowman St.”

This is also roughly how email works: each email will have a header (similar to “From:” and “To:”) called “Return-Path:” with the sender’s address. This address is where delivery error reports are sent, and mailer daemon spam along with them.
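
The envelope/header split from the sidebar above, as an added example (not code from the original article): a final server stamps the envelope sender into “Return-Path:”, and that address, not “From:”, decides where a delivery report goes. The function names, addresses and sample messages are constructed for illustration; the empty return path carried by delivery reports goes slightly beyond the article and reflects standard SMTP practice.

```python
from email import message_from_string
from email.utils import parseaddr


def accept(mail_from, data):
    """Final server: record the envelope sender (SMTP MAIL FROM) as Return-Path:."""
    return f"Return-Path: <{mail_from}>\n{data}"


def report_recipient(stored):
    """Return (bounce_to, header_from, mismatch) for a stored message.

    bounce_to is None when the return path is empty (<>), which is how
    delivery reports themselves are sent, so a report never triggers a report.
    """
    msg = message_from_string(stored)
    bounce_to = parseaddr(msg.get("Return-Path", ""))[1].lower() or None
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    # A mismatch is not proof of forgery (mailing lists differ legitimately),
    # but it shows that From: plays no part in routing the delivery report.
    mismatch = bounce_to is not None and bounce_to != header_from
    return bounce_to, header_from, mismatch


# Constructed samples: (envelope sender, message content).
# example.com / example.org / example.net are reserved documentation domains.
LEGIT = ("cory@example.com",
         "From: Cory Davy <cory@example.com>\nTo: lindsey@example.org\n"
         "Subject: Hello\n\nHi Lindsey\n")
FORGED = ("lindsey@example.org",  # envelope sender the real sender does not own
          "From: Prize Desk <offers@example.net>\nTo: nobody@example.com\n"
          "Subject: You won\n\n...\n")
REPORT = ("",  # a delivery report carries an empty envelope sender
          "From: Mail Delivery Subsystem <MAILER-DAEMON@example.com>\n"
          "To: lindsey@example.org\nSubject: Undeliverable\n\n...\n")

if __name__ == "__main__":
    for name, (mail_from, data) in [("legit", LEGIT), ("forged", FORGED),
                                    ("report", REPORT)]:
        print(name, report_recipient(accept(mail_from, data)))
```

In the forged case the delivery report would go to lindsey@example.org, who never sent the message: that report is the mailer daemon spam this article describes.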

How does Mailer Daemon Spam start?

For ordinary emails, everything is fine. If the delivery fails, for example because you mistyped an address, or if the recipient hasn’t checked a free email account in years and that account has expired, the mailer daemon will generate a delivery error message for you, the original sender.

For spam, phishing attempts, and messages generated by worms and other malware, the process goes awry, or rather, the delivery error is sent the wrong way. To find out why, we need to turn to the sender.

Each email must have a sender and a sender’s address. This includes spam and emails that distribute malware. Understandably, these senders don’t want to use their own email address – otherwise they’d get complaints, be easy to report, and be inundated with mailer daemon… spam.

To get an email delivered, it helps to set a real email address as the sender. So instead of just making up addresses, spammers and viruses often look up random addresses in people’s address books.

Is anything being done to stop Mailer Daemon spam?

If mail servers sent delivery reports back to all those spoofed “senders” whenever spam or malicious email could not be delivered, the problem would be much bigger than it is: after all, spam is sent by the billions, mostly to non-existent addresses.

Fortunately, email servers can take steps to limit the number of useless delivery notifications they send:

  • Mail servers will attempt to determine if the return address has been forged before sending a delivery error message; if the address is clearly not the real sender, no error message will be sent.

  • They will also carefully examine the content of the message to determine if it is spam; if the message has a very high probability of being spam, the server can simply discard the message without sending a delivery error message, which would itself probably be regarded as mailer daemon spam.

  • Email servers that receive a large number of delivery failure reports for an address, usually containing content that is spam or malware, may delete these messages or quarantine them in the spam folder of the email service.
